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1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or-(f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 



3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) □ Notice of References Cited (PTO-892) 

2) CD Notice of Drafts person's Patent Drawing Review (PTO-948) 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 

Paper No(s)/Mail Date . 



4) CI Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) O Notice of Informal Patent Application (PTO-152) 

6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 20050525 



Application/Control Number: 09/916,714 Page 2 
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CLAIMS 1, 7-8, 10-14, 20-21 AND 23-34 ARE PENDING 

1 . The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

2. Applicant's arguments filed 4/28/05 have been fully considered but they are 
not persuasive. 

Applicant has omitted to take into account crucial aspects of the specification and 
the corresponding aspects of the rejections and references in the analysis of the 
response. 

The BACKGROUND of the specification sets forth a context in which a database 
may be organized by a tree-based index. In standard practice, this is a logical structure 
that does not require the physical rearrangement of data within a database or memory, 
but which does organize access to it according to the constraints of a tree structure. 
Since no specific variations from standard practice are noted in the specification, such 
practices are to be assumed as the intent. 

The significance of virus signatures is then noted, and the SUMMARY proceeds 
to discuss virus signatures being arranged into a tree structure. For the sake of compact 
prosecution, it is assumed that the tree of virus signatures of the claims is an access 
structure corresponding to a tree-based index. 
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If the literal and physical arrangement of virus signatures is intended, then a 
question of 35 USC 112, first paragraph must be raised, since memories are not so 
arranged in practice, and one of skill in the art would not know how to make and use the 
invention. 

In the response, applicant states that: With respect to each of the independent 
claims, the Examiner has relied on the follow excerpts from Radatti ... 

However, these excerpts cited omit a crucial citation, namely [0005], in which 
Radatti discusses the updating of a virus signature database. It is this intended 
embodiment that is then presented in generalized form in the disclosure of Radatti. In 
particular, the updatejndex files organize data, which may be virus signature files, into 
a tree structure as cited in the excerpts. Thus Radatti is directed to a tree-based index 
of virus signatures in the very same sense as the claims when read in light of the 
specification. 

3. Claims 1,8,10-14,20,21, 23-29 and 31 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Radatti, US 20020170052, 14 November 2002 and 
Corman et al (Corman), Introduction to Algorithms, the MIT Press, 1986, Section 
5.5, pp. 91-97 and Chapter 13, pp. 244-262. 

In light of the specification, the tree structures of the claims are taken to be 
logical trees corresponding to a tree-based index. 
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Radatti is directed to data transmission of antivirus software in order to update a 
virus signature database that is used to recognize virus code [001], [005]. 
As to claim 1: 

identifying a list of virus signatures 

The virus signature database corresponds to a list of virus signatures, and an 

updatejndex file that may contain a plurality of updates [see below] is an index of files 

containing signatures. 

combining the list of virus signatures into a tree of virus signatures 

In some embodiments of Radatti the updatejndex file is referential and 

organized into a tree [0034], [0047]. Such an index organizes the underlying data into a 

tree determined by access to it via the index. 

comparing data against the tree of virus signatures for virus signature recognition 

This is taught at least in FIG 1 box 11. In more detail: 

wherein the virus signatures each include a sequence of characters 

The data transmitted, including upgrades to virus signatures may be a sequence 

of characters [0011]. 

wherein the tree includes a plurality of branches each including a sequence of 

characters 

It is the nature of a tree with more than one node to include a plurality of 
branches. 
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Radatti does not explicitly teach this and some other limitations noted below that 
were so well known to practitioners of the art that no explicit teaching is required. 
However, Corman is a freshman text that teaches the basic nature of trees in general, 
and search trees that correspond to database indexes in particular. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the standard treatments of trees as taught by Corman into the 
index trees of Radatti because it is efficient to incorporate a well known body of 
knowledge instead of developing a new one. 

Corman provides evidence of the plurality of branches of trees in the basic 
discussion of trees, Section 5.5, pp. 91-97, in particular FIG 5.7 page 95, and search 
trees such as the indexes of Radatti in Chapter 13, pp. 244-262. 

wherein a portion of the branches corresponds to a plurality of the virus 
signatures 

This is clearly an aspect of the referential updatejndex file structure noted above 
[0034], [0047]. 

wherein the efficiency of the virus signature recognition is improved by reducing 
an amount of virus signature data that is compared against the data 

This is the nature of both an index and a hash function, and of a search tree in 
general. See also the discussion of search the search time advantages of binary search 
trees, Corman page 244. 

wherein the branches include upper branch portions and lower branch portions 

See Corman, FIG 5.6 page 94; FIG 13, page 245. 
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As to claim 8, wherein the characters of the tree of virus signatures are 
obfuscated to prevent detection by the comparison. 

The hash function included in the updatejndex is a form of obfuscation [0024]- 

[0033]. 

As to claims 10-12: wherein the comparing includes comparing the data against 
the upper branch portions of the tree. 

This is the nature of the tree walk of a search tree such as the updatejndex of 
Radatti. See Corman page 245 and after. 

As to claim 13: wherein data is eligible to be declared clean upon the 
unsuccessful comparison of the data against an entirety of at least one branch that 
includes all of the characters of one of the virus signatures 

This is simply the consequence of reaching a leaf node of a search tree of virus 
signatures without finding a virus. It is the nature of such a search that a failure to find 
any matching virus signature indicates that there is none to the extent that the database 
can be used for the determination. 

The elements of claims 14, 20, 21 and 23-29 are rejected in the analysis above 
and these claims are rejected on that basis. 

As to claim 31, both the formation of an updatejndex and hashing comprise 
pre-processing. 
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4. Claims 7, 30 and 32-33 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Radatti, US 20020170052, 14 November 2002 and Corman et al 
(Corman), Introduction to Algorithms, the MIT Press, 1986, Section 5.5, pp. 91-97 
and Chapter 13, pp. 244-262 in further view of Arnold, US 5,440,712, 8 August 
1995. 

Neither Radatti nor Corman teach the use of wildcards during virus detection, but 
Arnold does so. 

As to claim 7, Arnold teaches the use of wildcards during virus detection [COL 
1 1 lines 53-60] and in more particular, that they can be added to existing virus detection 
software [COL 14 lines 31-48]. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to incorporate wildcards into the virus detection software of Radatti because 
adds robustness to variations in a virus. 

As to claims 30 and 32-33, Arnold teaches the well-known use of the exclusive- 
OR operation, virus location within a file, reduction of virus portion compared, 
decryption, and emulation in the context of virus detection [COL 8 lines 17-60; COL 13 
lines 52-67]. 

5. Claim 34 is objected to as being dependent upon a rejected base claim, but 
would be allowable if rewritten in independent form including all of the limitations of the 
base claim and any intervening claims. 
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While it is considered that this limitation is within the purview of a programmer of 
ordinary skill in the art, it is neither inherent nor obvious on the basis of the prior art of 
record. 

6. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of 
time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Wayne Amsbury whose telephone number is 571-272- 
4015. The examiner can normally be reached on M-F 6-18:30 FIRST WEEK. 

If attempts to rieach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Safet Metjahic can be reached on 571-272-4023. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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